Avira Virus Lab

TR/Dropper.Gen

  • Name
    TR/Dropper.Gen
  • Date discovered
    21/07/2016
  • Type
    Malware
  • Impact
    Medium
  • Reported infections
    Medium
  • Operating system
    Windows

The prefix 'TR' denotes a Trojan horse, which can spy on data, violate your privacy, or make unwanted changes to the system.

This is a generic detection routine, designed to detect common characteristics shared by the many versions of certain malware families. This special detection routine was developed to catch versions that have not yet been discovered, and it is improved continuously.

  • Processes
    • %APPDATA%\Roaming\Images\image.exe
    • %APPDATA%\Roaming\Images\NsCpuCNMiner32.exe
    • %executed_sample_name%.exe
  • Files
    The following files were created:
    • %TEMPDIR%\nsr7619.tmp
    • %TEMPDIR%\nsg7629.tmp
    • %TEMPDIR%\nsg7629.tmp\inetc.dll
    • C:\xrdmnsxx\temp.txt
    • %TEMPDIR%\nsrB9BD.tmp
    • %TEMPDIR%\nsgB9CD.tmp
    • %TEMPDIR%\nsgB9CD.tmp\inetc.dll
    • %APPDATA%\Roaming\Images\NsCpuCNMiner32.exe
    • %APPDATA%\Roaming\Images\NsCpuCNMiner64.exe
    • %APPDATA%\Roaming\Images\NsGpuCNMiner.exe
    • %APPDATA%\Roaming\Images\Data.bin
    • %APPDATA%\Roaming\Images\pools.txt
    • %APPDATA%\Roaming\Images\tmp.ini
    • %APPDATA%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\image.lnk
    • %APPDATA%\Roaming\Images\temp.txt
    • %TEMPDIR%\nseCC11.tmp\inetc.dll
    • %APPDATA%\Roaming\Images\image.exe
    The following files were modified:
    • %temporary_internet_files%\Content.IE5\index.dat
    • %APPDATA%\Roaming\Microsoft\Windows\Cookies\index.dat
    • %APPDATA%\Local\Microsoft\Windows\History\History.IE5\index.dat
    • %APPDATA%\Roaming\Microsoft\Windows\IETldCache\index.dat
    • %TEMPDIR%\nseCC11.tmp\inetc.dll
    • %APPDATA%\Roaming\Images\image.exe
    The following files were deleted:
    • %TEMPDIR%\nsr7619.tmp
    • %TEMPDIR%\nsg7629.tmp
    • %TEMPDIR%\nsg7629.tmp\inetc.dll
    • C:\xrdmnsxx\temp.txt
    • %TEMPDIR%\nsrB9BD.tmp
    • %TEMPDIR%\nsgB9CD.tmp
    • %APPDATA%\Roaming\Images\tmp.ini
    • %APPDATA%\Roaming\Images\temp.txt
    • %APPDATA%\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
    • %TEMPDIR%\nse7380.tmp
    • %TEMPDIR%\nseCC11.tmp
    • %TEMPDIR%\temp.txt
    The following copies were created:
    • %APPDATA%\Roaming\Images\image.exe
    • C:\images.scr
    • E:\images.scr
    The following drivers are loaded:
    • %SYSDIR%\shdocvw.dll
    • %WINDIR%\Globalization\Sorting\sortdefault.nls
    • %APPDATA%\Local\Microsoft\Windows\Caches\cversions.1.db
    • %ALLUSERSPATH%\desktop.ini
    • %USERPATH%\Desktop\desktop.ini
    • %USERPATH%\Searches\desktop.ini
    • %USERPATH%\Videos\desktop.ini
    • %USERPATH%\Pictures\desktop.ini
    • %USERPATH%\Contacts\desktop.ini
    • %USERPATH%\Favorites\desktop.ini
    • %USERPATH%\Music\desktop.ini
    • %USERPATH%\Downloads\desktop.ini
    • %USERPATH%\Documents\desktop.ini
    • %USERPATH%\Links\desktop.ini
    • %USERPATH%\Saved Games\desktop.ini
    • %WINDIR%\AppPatch\sysmain.sdb
    • %SYSDIR%\en-US\shdocvw.dll.mui
    • %TEMPDIR%\nse7380.tmp
    • %TEMPDIR%\%executed_sample%
    • %TEMPDIR%\nseCC11.tmp
    • %TEMPDIR%\temp.txt
    • C:\
    • %WINDIR%\SysWOW64\en-US\SHELL32.dll.mui
    • %APPDATA%\Roaming\Images\image.exe
    The following files are executed:
    • %SYSDIR%\shdocvw.dll
    • %WINDIR%\Globalization\Sorting\sortdefault.nls
    • %APPDATA%\Local\Microsoft\Windows\Caches\cversions.1.db
    • %ALLUSERSPATH%\desktop.ini
    • %USERPATH%\Desktop\desktop.ini
    • %USERPATH%\Searches\desktop.ini
    • %USERPATH%\Videos\desktop.ini
    • %USERPATH%\Pictures\desktop.ini
    • %USERPATH%\Contacts\desktop.ini
    • %USERPATH%\Favorites\desktop.ini
    • %USERPATH%\Music\desktop.ini
    • %USERPATH%\Downloads\desktop.ini
    • %USERPATH%\Documents\desktop.ini
    • %USERPATH%\Links\desktop.ini
    • %USERPATH%\Saved Games\desktop.ini
    • %WINDIR%\AppPatch\sysmain.sdb
    • %SYSDIR%\en-US\shdocvw.dll.mui
    • %TEMPDIR%\nse7380.tmp
    • %TEMPDIR%\%executed_sample%
    • %TEMPDIR%\nseCC11.tmp
    • %TEMPDIR%\temp.txt
    • C:\
    • %WINDIR%\SysWOW64\en-US\SHELL32.dll.mui
    • %APPDATA%\Roaming\Images\image.exe
  • Registry
    The following registry entries are added:
    • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\%executed_sample_name%_RASAPI32
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\%executed_sample_name%_RASAPI32 ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\%executed_sample_name%_RASMANCS
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\%executed_sample_name%_RASMANCS ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
    • HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ("ProxyEnable": "0x00000000") ("ProxyServer": "") ("ProxyOverride": "") ("AutoConfigURL": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections ("SavedLegacySettings": "RgAAAB8AAAAJAAAAAAAAAAAAAAAAAAAABAAAAAAAAADAs5VCEA3RAQAAAAAAAAAAAAAAAAIA AAAXAAAAAAAAAP6AAAAAAAAA5aw1NW8R55ELAAAAHAAAAAAAAAAAAAAAAAAAAAAgAAAAIAAA ABAAAAEAAADtAwAACQYCAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAD/////wLDq+dQm0BG7vwCqAGw05AIAAADAqHQEAAAAAAAAAAAADUgAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA") ("DefaultConnectionSettings": "RgAAAAQAAAAJAAAAAAAAAAAAAAAAAAAABAAAAAAAAABAAr6P4nXUAQAAAAAAAAAAAAAAAAMA AAAXAAAAAAAAAP6AAAAAAAAAPI88tD9Xo3oNAAAAHAAAAAAAAAAAAAAAAAAAAAAgAAAAIAAA ABAAAAEAAADtAwAACQYCAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAD/////wLDq+dQm0BG7vwCqAGw05AIAAADAqFyFAAAAAAAAAAAY0iEAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwAAAAAAAAAgAQAA PorvLTyPPLQ/V6N6AAAAAEzSIQBM0iEAAAAAAAAAAAAAAAAAJQAAJfHyAABQ1iEAgHUhAAAA AAAAAAAAAAAAAAoAAAAAAAAAqNAhAJDTIQAAAAAAAgAAAAAAAGAAAAAgHAMAAODRIQACAAAA 9AIAABwDAAA=")
    • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness
    • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{58BF48AF-81A4-472D-9931-7D3DA8432D34} ("WpadDecisionReason": "0x01000000") ("WpadDecisionTime": "8Pvcj+J11AE=") ("WpadDecision": "0x03000000") ("WpadNetworkName": "Network 2")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{58BF48AF-81A4-472D-9931-7D3DA8432D34}\00-23-7d-29-a4-a9
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-23-7d-29-a4-a9 ("WpadDecisionReason": "0x01000000") ("WpadDecisionTime": "8Pvcj+J11AE=") ("WpadDecision": "0x03000000")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad ("WpadLastNetwork": "{58BF48AF-81A4-472D-9931-7D3DA8432D34}")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ("ProxyBypass": "") ("IntranetName": "") ("UNCAsIntranet": "0x00000000") ("AutoDetect": "0x01000000")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ("ProxyBypass": "") ("IntranetName": "")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\image_RASAPI32
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\image_RASAPI32 ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\image_RASMANCS
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\image_RASMANCS ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections ("SavedLegacySettings": "RgAAACAAAAAJAAAAAAAAAAAAAAAAAAAABAAAAAAAAABAAr6P4nXUAQAAAAAAAAAAAAAAAAMA AAAXAAAAAAAAAP6AAAAAAAAAPI88tD9Xo3oNAAAAHAAAAAAAAAAAAAAAAAAAAAAgAAAAIAAA ABAAAAEAAADtAwAACQYCAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAD/////wLDq+dQm0BG7vwCqAGw05AIAAADAqFyFAAAAAAAAAAAY0iEAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwAAAAAAAAAgAQAA PorvLTyPPLQ/V6N6AAAAAEzSIQBM0iEAAAAAAAAAAAAAAAAAJQAAJfHyAABQ1iEAgHUhAAAA AAAAAAAAAAAAAAoAAAAAAAAAqNAhAJDTIQAAAAAAAgAAAAAAAGAAAAAgHAMAAODRIQACAAAA 9AIAABwDAAA=")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ("Coin": "%APPDATA%\Roaming\Images\image.exe")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecision": "3")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecisionTime": "Iº4TÔ")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7}
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad ("WpadExpirationDays": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecisionReason": "1")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecisionTime": "ò¦ûâuÔ")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecision": "0")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadNetworkName": "Network")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDetectedUrl": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecisionReason": "1")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecisionTime": "ò¦ûâuÔ")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecision": "0")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDetectedUrl": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7}\0a-00-27-00-00-00
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDhcp": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDns": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
    The following registry entries are modified:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\%executed_sample_name%_RASAPI32 ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\%executed_sample_name%_RASMANCS ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ("ProxyEnable": "0x00000000") ("ProxyServer": "") ("ProxyOverride": "") ("AutoConfigURL": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections ("SavedLegacySettings": "RgAAAB8AAAAJAAAAAAAAAAAAAAAAAAAABAAAAAAAAADAs5VCEA3RAQAAAAAAAAAAAAAAAAIA AAAXAAAAAAAAAP6AAAAAAAAA5aw1NW8R55ELAAAAHAAAAAAAAAAAAAAAAAAAAAAgAAAAIAAA ABAAAAEAAADtAwAACQYCAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAD/////wLDq+dQm0BG7vwCqAGw05AIAAADAqHQEAAAAAAAAAAAADUgAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA") ("DefaultConnectionSettings": "RgAAAAQAAAAJAAAAAAAAAAAAAAAAAAAABAAAAAAAAABAAr6P4nXUAQAAAAAAAAAAAAAAAAMA AAAXAAAAAAAAAP6AAAAAAAAAPI88tD9Xo3oNAAAAHAAAAAAAAAAAAAAAAAAAAAAgAAAAIAAA ABAAAAEAAADtAwAACQYCAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAD/////wLDq+dQm0BG7vwCqAGw05AIAAADAqFyFAAAAAAAAAAAY0iEAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwAAAAAAAAAgAQAA PorvLTyPPLQ/V6N6AAAAAEzSIQBM0iEAAAAAAAAAAAAAAAAAJQAAJfHyAABQ1iEAgHUhAAAA AAAAAAAAAAAAAAoAAAAAAAAAqNAhAJDTIQAAAAAAAgAAAAAAAGAAAAAgHAMAAODRIQACAAAA 9AIAABwDAAA=")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{58BF48AF-81A4-472D-9931-7D3DA8432D34} ("WpadDecisionReason": "0x01000000") ("WpadDecisionTime": "8Pvcj+J11AE=") ("WpadDecision": "0x03000000") ("WpadNetworkName": "Network 2")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-23-7d-29-a4-a9 ("WpadDecisionReason": "0x01000000") ("WpadDecisionTime": "8Pvcj+J11AE=") ("WpadDecision": "0x03000000")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad ("WpadLastNetwork": "{58BF48AF-81A4-472D-9931-7D3DA8432D34}")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ("ProxyBypass": "") ("IntranetName": "") ("UNCAsIntranet": "0x00000000") ("AutoDetect": "0x01000000")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\image_RASAPI32 ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\image_RASMANCS ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections ("SavedLegacySettings": "RgAAACAAAAAJAAAAAAAAAAAAAAAAAAAABAAAAAAAAABAAr6P4nXUAQAAAAAAAAAAAAAAAAMA AAAXAAAAAAAAAP6AAAAAAAAAPI88tD9Xo3oNAAAAHAAAAAAAAAAAAAAAAAAAAAAgAAAAIAAA ABAAAAEAAADtAwAACQYCAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAD/////wLDq+dQm0BG7vwCqAGw05AIAAADAqFyFAAAAAAAAAAAY0iEAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwAAAAAAAAAgAQAA PorvLTyPPLQ/V6N6AAAAAEzSIQBM0iEAAAAAAAAAAAAAAAAAJQAAJfHyAABQ1iEAgHUhAAAA AAAAAAAAAAAAAAoAAAAAAAAAqNAhAJDTIQAAAAAAAgAAAAAAAGAAAAAgHAMAAODRIQACAAAA 9AIAABwDAAA=")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ("Coin": "%APPDATA%\Roaming\Images\image.exe")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecision": "3")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecisionTime": "Iº4TÔ")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7}
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad ("WpadExpirationDays": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecisionReason": "1")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecisionTime": "ò¦ûâuÔ")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecision": "0")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadNetworkName": "Network")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDetectedUrl": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecisionReason": "1")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecisionTime": "ò¦ûâuÔ")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecision": "0")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDetectedUrl": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7}\0a-00-27-00-00-00
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDhcp": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDns": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
    The values of the following registry keys are removed:
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ("ProxyEnable": "0x00000000") ("ProxyServer": "") ("ProxyOverride": "") ("AutoConfigURL": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ("ProxyBypass": "") ("IntranetName": "") ("UNCAsIntranet": "0x00000000") ("AutoDetect": "0x01000000")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ("ProxyBypass": "") ("IntranetName": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDetectedUrl": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDetectedUrl": "")
  • Alias
    Avast: Win32:Malware-gen
    Dr. Web: Trojan.BtcMine.688
    ESET: NSIS/CoinMiner.P trojan
    G Data: Trojan.AgentWDCR.ERF
    Kaspersky Lab: HEUR:Trojan.NSIS.BitMin.gen
    Microsoft: Trojan:Win32/CoinMiner!bit
